BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us
modules.com
⌘K

mcp-armor

v0.7.0crates.io· Rust

Drop-in Rust sidecar that wraps any MCP server: scans tool calls for prompt injection (UTS-39 confusable-folding + Unicode strip + Aho+Regex), validates Ed25519 manifest signatures with TOFU keystore + Sigstore Rekor bridge, strips loader-class env keys (LD_PRELOAD, NODE_OPTIONS, ...) from spawned children, detects tools/list schema drift (Layer 7 closes rug-pull / silent-redefinition class with NFKC-canonical fingerprint + bidirectional inbound/outbound gate + BLAKE3 or SHA-256 backend for FIPS/PCI/HIPAA + optional JCS RFC 8785 canonicalisation + _meta.fingerprint cross-tool audit injection), serves a fully-wired rmcp 1.5 control-plane behind the rmcp-control feature (MCP spec 2025-11-25, closes CVE-2026-42559 transitively), exports OTLP gRPC telemetry, blocks marketplace-poisoning vectors. <5ms p99 overhead.

The verdict
Maintained. Niche but maintained, actively maintained.
Live from the crates.io registry · derived rules, not AI
How it scores
MaintenanceHealthy
PopularityNiche
SecurityClean
LicensePermissive
DepsZero deps
Maintenance
Last published this month.
Popularity
9 downloads / week
Security
No known advisories for this version (OSV).
License
MIT
Dependencies
No runtime dependencies
Recent releases
  • 0.7.0this month
  • 0.6.0this month
  • 0.5.0this month
  • 0.4.0this month
  • 0.3.0this month
  • 0.2.0this month
  • 0.1.1this month
  • 0.1.0this month